search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Check USB device path access when prompting users to select a device.
[chromium-blink-merge.git] / chrome / browser / chromeos / system / device_disabling_manager_unittest.cc
blob771b71910c47f72d9e0b02080350cee85f63faf9
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/system/device_disabling_manager.h"
6
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/command_line.h"
10 #include "base/memory/ref_counted.h"
11 #include "base/prefs/scoped_user_pref_update.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/run_loop.h"
14 #include "chrome/browser/browser_process_platform_part.h"
15 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
16 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
17 #include "chrome/browser/chromeos/policy/device_policy_builder.h"
18 #include "chrome/browser/chromeos/policy/server_backed_device_state.h"
19 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
20 #include "chrome/browser/chromeos/settings/device_settings_service.h"
21 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
22 #include "chrome/common/pref_names.h"
23 #include "chrome/test/base/testing_browser_process.h"
24 #include "chromeos/chromeos_switches.h"
25 #include "components/ownership/mock_owner_key_util.h"
26 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
27 #include "components/user_manager/fake_user_manager.h"
28 #include "content/public/test/test_browser_thread_bundle.h"
29 #include "policy/proto/device_management_backend.pb.h"
30 #include "testing/gmock/include/gmock/gmock.h"
31 #include "testing/gtest/include/gtest/gtest.h"
32
33 using testing::_;
34 using testing::Mock;
35
36 namespace chromeos {
37 namespace system {
38
39 namespace {
40
41 const char kTestUser[] = "user@example.com";
42 const char kEnrollmentDomain[] = "example.com";
43 const char kDisabledMessage1[] = "Device disabled 1.";
44 const char kDisabledMessage2[] = "Device disabled 2.";
45
46 }
47
48 class DeviceDisablingManagerTestBase : public testing::Test,
49 public DeviceDisablingManager::Delegate {
50 public:
51 DeviceDisablingManagerTestBase();
52
53 // testing::Test:
54 void TearDown() override;
55
56 virtual void CreateDeviceDisablingManager();
57 virtual void DestroyDeviceDisablingManager();
58
59 void UpdateInstallAttributes(const std::string& enrollment_domain,
60 const std::string& registration_user,
61 policy::DeviceMode device_mode);
62 void LogIn();
63
64 // DeviceDisablingManager::Delegate:
65 MOCK_METHOD0(RestartToLoginScreen, void());
66 MOCK_METHOD0(ShowDeviceDisabledScreen, void());
67
68 DeviceDisablingManager* GetDeviceDisablingManager() {
69 return device_disabling_manager_.get();
70 }
71
72 private:
73 policy::ScopedStubEnterpriseInstallAttributes install_attributes_;
74 chromeos::ScopedTestDeviceSettingsService test_device_settings_service_;
75 chromeos::ScopedTestCrosSettings test_cros_settings_;
76 user_manager::FakeUserManager fake_user_manager_;
77 scoped_ptr<DeviceDisablingManager> device_disabling_manager_;
78
79 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTestBase);
80 };
81
82 DeviceDisablingManagerTestBase::DeviceDisablingManagerTestBase()
83 : install_attributes_("", "", "", policy::DEVICE_MODE_NOT_SET) {
84 }
85
86 void DeviceDisablingManagerTestBase::TearDown() {
87 DestroyDeviceDisablingManager();
88 }
89
90 void DeviceDisablingManagerTestBase::CreateDeviceDisablingManager() {
91 device_disabling_manager_.reset(new DeviceDisablingManager(
92 this,
93 CrosSettings::Get(),
94 &fake_user_manager_));
95 }
96
97 void DeviceDisablingManagerTestBase::DestroyDeviceDisablingManager() {
98 device_disabling_manager_.reset();
99 }
100
101 void DeviceDisablingManagerTestBase::UpdateInstallAttributes(
102 const std::string& enrollment_domain,
103 const std::string& registration_user,
104 policy::DeviceMode device_mode) {
105 policy::StubEnterpriseInstallAttributes* install_attributes =
106 static_cast<policy::StubEnterpriseInstallAttributes*>(
107 TestingBrowserProcess::GetGlobal()->platform_part()->
108 browser_policy_connector_chromeos()->GetInstallAttributes());
109 install_attributes->SetDomain(enrollment_domain);
110 install_attributes->SetRegistrationUser(registration_user);
111 install_attributes->SetMode(device_mode);
112 }
113
114 void DeviceDisablingManagerTestBase::LogIn() {
115 fake_user_manager_.AddUser(kTestUser);
116 }
117
118 // Base class for tests that verify device disabling behavior during OOBE, when
119 // the device is not owned yet.
120 class DeviceDisablingManagerOOBETest : public DeviceDisablingManagerTestBase {
121 public:
122 DeviceDisablingManagerOOBETest();
123
124 // DeviceDisablingManagerTestBase:
125 void SetUp() override;
126 void TearDown() override;
127
128 bool device_disabled() const { return device_disabled_; }
129
130 void CheckWhetherDeviceDisabledDuringOOBE();
131
132 void SetDeviceDisabled(bool disabled);
133
134 private:
135 void OnDeviceDisabledChecked(bool device_disabled);
136
137 TestingPrefServiceSimple local_state_;
138
139 base::RunLoop run_loop_;
140 bool device_disabled_;
141
142 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerOOBETest);
143 };
144
145 DeviceDisablingManagerOOBETest::DeviceDisablingManagerOOBETest()
146 : device_disabled_(false) {
147 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
148 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
149 }
150
151 void DeviceDisablingManagerOOBETest::SetUp() {
152 TestingBrowserProcess::GetGlobal()->SetLocalState(&local_state_);
153 policy::DeviceCloudPolicyManagerChromeOS::RegisterPrefs(
154 local_state_.registry());
155 CreateDeviceDisablingManager();
156 }
157
158 void DeviceDisablingManagerOOBETest::TearDown() {
159 DeviceDisablingManagerTestBase::TearDown();
160 TestingBrowserProcess::GetGlobal()->SetLocalState(nullptr);
161 }
162
163 void DeviceDisablingManagerOOBETest::CheckWhetherDeviceDisabledDuringOOBE() {
164 GetDeviceDisablingManager()->CheckWhetherDeviceDisabledDuringOOBE(
165 base::Bind(&DeviceDisablingManagerOOBETest::OnDeviceDisabledChecked,
166 base::Unretained(this)));
167 run_loop_.Run();
168 }
169
170 void DeviceDisablingManagerOOBETest::SetDeviceDisabled(bool disabled) {
171 DictionaryPrefUpdate dict(&local_state_, prefs::kServerBackedDeviceState);
172 if (disabled) {
173 dict->SetString(policy::kDeviceStateRestoreMode,
174 policy::kDeviceStateRestoreModeDisabled);
175 } else {
176 dict->Remove(policy::kDeviceStateRestoreMode, nullptr);
177 }
178 dict->SetString(policy::kDeviceStateManagementDomain, kEnrollmentDomain);
179 dict->SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage1);
180 }
181
182 void DeviceDisablingManagerOOBETest::OnDeviceDisabledChecked(
183 bool device_disabled) {
184 device_disabled_ = device_disabled;
185 run_loop_.Quit();
186 }
187
188 // Verifies that the device is not considered disabled during OOBE by default.
189 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledByDefault) {
190 CheckWhetherDeviceDisabledDuringOOBE();
191 EXPECT_FALSE(device_disabled());
192 }
193
194 // Verifies that the device is not considered disabled during OOBE when it is
195 // explicitly marked as not disabled.
196 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenExplicitlyNotDisabled) {
197 SetDeviceDisabled(false);
198 CheckWhetherDeviceDisabledDuringOOBE();
199 EXPECT_FALSE(device_disabled());
200 }
201
202 // Verifies that the device is not considered disabled during OOBE when device
203 // disabling is turned off by flag, even if the device is marked as disabled.
204 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenTurnedOffByFlag) {
205 base::CommandLine::ForCurrentProcess()->AppendSwitch(
206 switches::kDisableDeviceDisabling);
207 SetDeviceDisabled(true);
208 CheckWhetherDeviceDisabledDuringOOBE();
209 EXPECT_FALSE(device_disabled());
210 }
211
212 // Verifies that the device is not considered disabled during OOBE when it is
213 // already enrolled, even if the device is marked as disabled.
214 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenEnterpriseOwned) {
215 UpdateInstallAttributes(kEnrollmentDomain,
216 kTestUser,
217 policy::DEVICE_MODE_ENTERPRISE);
218 SetDeviceDisabled(true);
219 CheckWhetherDeviceDisabledDuringOOBE();
220 EXPECT_FALSE(device_disabled());
221 }
222
223 // Verifies that the device is not considered disabled during OOBE when it is
224 // already owned by a consumer, even if the device is marked as disabled.
225 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenConsumerOwned) {
226 UpdateInstallAttributes(std::string() /* enrollment_domain */,
227 std::string() /* registration_user */,
228 policy::DEVICE_MODE_CONSUMER);
229 SetDeviceDisabled(true);
230 CheckWhetherDeviceDisabledDuringOOBE();
231 EXPECT_FALSE(device_disabled());
232 }
233
234 // Verifies that the device is considered disabled during OOBE when it is marked
235 // as disabled, device disabling is not turned off by flag and the device is not
236 // owned yet.
237 TEST_F(DeviceDisablingManagerOOBETest, ShowWhenDisabledAndNotOwned) {
238 SetDeviceDisabled(true);
239 CheckWhetherDeviceDisabledDuringOOBE();
240 EXPECT_TRUE(device_disabled());
241 EXPECT_EQ(kEnrollmentDomain,
242 GetDeviceDisablingManager()->enrollment_domain());
243 EXPECT_EQ(kDisabledMessage1, GetDeviceDisablingManager()->disabled_message());
244 }
245
246 // Base class for tests that verify device disabling behavior once the device is
247 // owned.
248 class DeviceDisablingManagerTest : public DeviceDisablingManagerTestBase,
249 public DeviceDisablingManager::Observer {
250 public:
251 DeviceDisablingManagerTest();
252
253 // DeviceDisablingManagerTestBase:
254 void TearDown() override;
255 void CreateDeviceDisablingManager() override;
256 void DestroyDeviceDisablingManager() override;
257
258 //DeviceDisablingManager::Observer:
259 MOCK_METHOD1(OnDisabledMessageChanged, void(const std::string&));
260
261 void SetUnowned();
262 void SetEnterpriseOwned();
263 void SetConsumerOwned();
264 void MakeCrosSettingsTrusted();
265
266 void SetDeviceDisabled(bool disabled);
267 void SetDisabledMessage(const std::string& disabled_message);
268
269 private:
270 void SimulatePolicyFetch();
271
272 content::TestBrowserThreadBundle thread_bundle_;
273 chromeos::DeviceSettingsTestHelper device_settings_test_helper_;
274 policy::DevicePolicyBuilder device_policy_;
275
276 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTest);
277 };
278
279 DeviceDisablingManagerTest::DeviceDisablingManagerTest() {
280 }
281
282 void DeviceDisablingManagerTest::TearDown() {
283 chromeos::DeviceSettingsService::Get()->UnsetSessionManager();
284 DeviceDisablingManagerTestBase::TearDown();
285 }
286
287 void DeviceDisablingManagerTest::CreateDeviceDisablingManager() {
288 DeviceDisablingManagerTestBase::CreateDeviceDisablingManager();
289 GetDeviceDisablingManager()->AddObserver(this);
290 }
291
292 void DeviceDisablingManagerTest::DestroyDeviceDisablingManager() {
293 if (GetDeviceDisablingManager())
294 GetDeviceDisablingManager()->RemoveObserver(this);
295 DeviceDisablingManagerTestBase::DestroyDeviceDisablingManager();
296 }
297
298 void DeviceDisablingManagerTest::SetUnowned() {
299 UpdateInstallAttributes(std::string() /* enrollment_domain */,
300 std::string() /* registration_user */,
301 policy::DEVICE_MODE_NOT_SET);
302 }
303
304 void DeviceDisablingManagerTest::SetEnterpriseOwned() {
305 UpdateInstallAttributes(kEnrollmentDomain,
306 kTestUser,
307 policy::DEVICE_MODE_ENTERPRISE);
308 }
309
310 void DeviceDisablingManagerTest::SetConsumerOwned() {
311 UpdateInstallAttributes(std::string() /* enrollment_domain */,
312 std::string() /* registration_user */,
313 policy::DEVICE_MODE_CONSUMER);
314 }
315
316 void DeviceDisablingManagerTest::MakeCrosSettingsTrusted() {
317 scoped_refptr<ownership::MockOwnerKeyUtil> owner_key_util(
318 new ownership::MockOwnerKeyUtil);
319 owner_key_util->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
320 chromeos::DeviceSettingsService::Get()->SetSessionManager(
321 &device_settings_test_helper_,
322 owner_key_util);
323 SimulatePolicyFetch();
324 }
325
326 void DeviceDisablingManagerTest::SetDeviceDisabled(bool disabled) {
327 if (disabled) {
328 device_policy_.policy_data().mutable_device_state()->set_device_mode(
329 enterprise_management::DeviceState::DEVICE_MODE_DISABLED);
330 } else {
331 device_policy_.policy_data().mutable_device_state()->clear_device_mode();
332 }
333 SimulatePolicyFetch();
334 }
335
336 void DeviceDisablingManagerTest::SetDisabledMessage(
337 const std::string& disabled_message) {
338 device_policy_.policy_data().mutable_device_state()->
339 mutable_disabled_state()->set_message(disabled_message);
340 SimulatePolicyFetch();
341 }
342
343 void DeviceDisablingManagerTest::SimulatePolicyFetch() {
344 device_policy_.Build();
345 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
346 chromeos::DeviceSettingsService::Get()->OwnerKeySet(true);
347 device_settings_test_helper_.Flush();
348 }
349
350 // Verifies that the device is not considered disabled by default when it is
351 // enrolled for enterprise management.
352 TEST_F(DeviceDisablingManagerTest, NotDisabledByDefault) {
353 SetEnterpriseOwned();
354 MakeCrosSettingsTrusted();
355
356 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
357 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
358 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
359 CreateDeviceDisablingManager();
360 }
361
362 // Verifies that the device is not considered disabled when it is explicitly
363 // marked as not disabled.
364 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenExplicitlyNotDisabled) {
365 SetEnterpriseOwned();
366 MakeCrosSettingsTrusted();
367 SetDeviceDisabled(false);
368
369 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
370 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
371 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
372 CreateDeviceDisablingManager();
373 }
374
375 // Verifies that the device is not considered disabled when device disabling is
376 // turned off by flag, even if the device is marked as disabled.
377 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenTurnedOffByFlag) {
378 base::CommandLine::ForCurrentProcess()->AppendSwitch(
379 switches::kDisableDeviceDisabling);
380 SetEnterpriseOwned();
381 MakeCrosSettingsTrusted();
382 SetDeviceDisabled(true);
383
384 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
385 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
386 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
387 CreateDeviceDisablingManager();
388 }
389
390 // Verifies that the device is not considered disabled when it is owned by a
391 // consumer, even if the device is marked as disabled.
392 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenConsumerOwned) {
393 SetConsumerOwned();
394 MakeCrosSettingsTrusted();
395 SetDeviceDisabled(true);
396
397 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
398 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
399 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
400 CreateDeviceDisablingManager();
401 }
402
403 // Verifies that the device disabled screen is shown immediately when the device
404 // is already marked as disabled on start-up.
405 TEST_F(DeviceDisablingManagerTest, DisabledOnLoginScreen) {
406 SetEnterpriseOwned();
407 MakeCrosSettingsTrusted();
408 SetDisabledMessage(kDisabledMessage1);
409 SetDeviceDisabled(true);
410
411 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
412 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(1);
413 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
414 CreateDeviceDisablingManager();
415 EXPECT_EQ(kEnrollmentDomain,
416 GetDeviceDisablingManager()->enrollment_domain());
417 EXPECT_EQ(kDisabledMessage1, GetDeviceDisablingManager()->disabled_message());
418 }
419
420 // Verifies that the device disabled screen is shown immediately when the device
421 // becomes disabled while the login screen is showing. Also verifies that Chrome
422 // restarts when the device becomes enabled again.
423 TEST_F(DeviceDisablingManagerTest, DisableAndReEnableOnLoginScreen) {
424 SetEnterpriseOwned();
425 MakeCrosSettingsTrusted();
426 SetDisabledMessage(kDisabledMessage1);
427
428 // Verify that initially, the disabled screen is not shown and Chrome does not
429 // restart.
430 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
431 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
432 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
433 CreateDeviceDisablingManager();
434 Mock::VerifyAndClearExpectations(this);
435
436 // Mark the device as disabled. Verify that the device disabled screen is
437 // shown.
438 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
439 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(1);
440 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
441 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage1)).Times(1);
442 SetDeviceDisabled(true);
443 Mock::VerifyAndClearExpectations(this);
444 EXPECT_EQ(kEnrollmentDomain,
445 GetDeviceDisablingManager()->enrollment_domain());
446 EXPECT_EQ(kDisabledMessage1, GetDeviceDisablingManager()->disabled_message());
447
448 // Update the disabled message. Verify that the device disabled screen is
449 // updated.
450 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
451 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
452 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
453 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage2)).Times(1);
454 SetDisabledMessage(kDisabledMessage2);
455 Mock::VerifyAndClearExpectations(this);
456 EXPECT_EQ(kDisabledMessage2, GetDeviceDisablingManager()->disabled_message());
457
458 // Mark the device as enabled again. Verify that Chrome restarts.
459 EXPECT_CALL(*this, RestartToLoginScreen()).Times(1);
460 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
461 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
462 SetDeviceDisabled(false);
463 }
464
465 // Verifies that Chrome restarts when the device becomes disabled while a
466 // session is in progress.
467 TEST_F(DeviceDisablingManagerTest, DisableDuringSession) {
468 SetEnterpriseOwned();
469 MakeCrosSettingsTrusted();
470 SetDisabledMessage(kDisabledMessage1);
471 LogIn();
472
473 // Verify that initially, the disabled screen is not shown and Chrome does not
474 // restart.
475 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
476 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
477 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
478 CreateDeviceDisablingManager();
479 Mock::VerifyAndClearExpectations(this);
480
481 // Mark the device as disabled. Verify that Chrome restarts.
482 EXPECT_CALL(*this, RestartToLoginScreen()).Times(1);
483 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
484 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
485 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage1)).Times(1);
486 SetDeviceDisabled(true);
487 }
488
489 // Verifies that the HonorDeviceDisablingDuringNormalOperation() method returns
490 // true iff the device is enterprise enrolled and device disabling is not turned
491 // off by flag.
492 TEST_F(DeviceDisablingManagerTest, HonorDeviceDisablingDuringNormalOperation) {
493 // Not enterprise owned, not disabled by flag.
494 EXPECT_FALSE(
495 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
496
497 // Enterprise owned, not disabled by flag.
498 SetEnterpriseOwned();
499 EXPECT_TRUE(
500 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
501
502 // Enterprise owned, disabled by flag.
503 base::CommandLine::ForCurrentProcess()->AppendSwitch(
504 switches::kDisableDeviceDisabling);
505 EXPECT_FALSE(
506 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
507
508 // Not enterprise owned, disabled by flag.
509 SetUnowned();
510 EXPECT_FALSE(
511 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
512 }
513
514 } // namespace system
515 } // namespace chromeos